Watch out for phishing emails that inject spyware trio
An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information.
From there, the malicious code will not only steal information, but can also remotely control aspects of the PC. The first of the three pieces of malware is AveMariaRAT, followed by Pandora hVNC RAT and BitRAT. AveMariaRAT has a range of features, from stealing sensitive data to achieving privilege escalation, remote desktop control, and camera capture.
"It provides information collection like clipboard logger, keylogger, application credentials, Webcam logging, and Voice Recording. It has wide control commands for controlling the victim's device, including downloading and executing a file, performing remote desktop control, controlling processes and services, reverse socks, and more."
In the phishing campaign uncovered by Fortinet, an email arrives with an Excel file that contains malicious macros.
Phishing has been a preferred method for threat groups to get their malware into corporate networks, and it has only increased since the COVID-19 pandemic sent most employees home to work, outside the corporate network.
According to Verizon, there were 11 percent more phishing attacks in 2021 than the year before, and email security firm Tessian argued in a report that phishing is the second most expensive cause of all data breaches.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/06/01/phishing-rat-bitrat-fortinet/